10 Mar 2010
Planet Security
Network World on Security: Twitter to begin screening some links for phishing
Twitter launched a new link-screening service on Tuesday aimed at preventing phishing and other malicious attacks against users of the popular microblogging service.
10 Mar 2010 4:00pm GMT
Network World on Security: Practical priorities in PCI DSS logging
PCI DSS requires not only that logs be created and retained, but also that they be reviewed. It is essential that your logging policy and procedures cover such daily review tasks, whether performed with log management tools or manually.
10 Mar 2010 4:00pm GMT
Network World on Security: Indian banker charged with online funds fraud
A senior Indian banker has been arrested by Indian police for an online fraud in which hackers siphoned close to 2.7 million Indian rupees (US$60,000) from a bank account, a senior police official of the Indian state of Tamil Nadu said on Wednesday.
10 Mar 2010 4:00pm GMT
Secunia: Technology Review Article: Patching the Security Update Process
10 Mar 2010 2:29pm GMT
Light Blue Touchpaper: More on the SCR
Two weeks ago I posted about the Summary Care Record, a project to centralise medical records in England and Wales under the pretext that central records might be useful in emergency care. At the time, I wrote to the Cabinet Secretary asking whether it was appropriate to use taxpayers' funds to leaflet millions of homes on a politically sensitive topic during an election campaign; I haven't yet got a reply.
Doctors' leaders are now alarmed. Patients are being misinformed, and opt-out is being made difficult.
The information being given to patients is false and misleading. The SCR promotional leaflet says "anyone who has access to your records … must be directly involved in caring for you". However, large numbers of officials will have access. And as I already noted, the SCR isn't as helpful in emergencies as it's spun. Its purpose is actually different: to provide the basis for a centralised electronic patient record for everyone.
Doctors have noted that in the pilot areas, seven out of ten patients are unaware that an SCR was created for them. The patient information packs don't contain an opt-out form; you're supposed to phone the call centre for one. Over two hundred thousand people have downloaded an opt-out letter from www.thebigoptout.org; now the NHS says it wants doctors to ignore this and get everyone who wants to opt out to use this form instead (which GPs can't order in bulk). The roll-out is rushed and displays typical incompetence: for example, some patients have been sent other patients' letters. I am sure this story will run and run.
10 Mar 2010 2:17pm GMT
infosecurity.us: Steve Benson: Air Traffic Control
10 Mar 2010 1:27pm GMT
The Register - Security: UK plastic fraud losses fall for first time in 3 years
Online banking losses up though
A rise in online banking fraud losses took some of the shine off the overall fall in debit and credit fraud in the UK last year.…
10 Mar 2010 1:21pm GMT
infosecurity.us: Snow: Trust The Cloud, Do Not

Brian Snow, the respected former IA Chief at the United States National Security Agency, unequivocally voices what we have always known: trust the cloud? Not… More information, including a short snippet of the original post, appears below.
via ITWorld's Tim Greene: "Former NSA tech chief: I don't trust the cloud"
The former National Security Agency technical director told the RSA Conference he doesn't trust cloud services and bluntly admonished vendors for leaving software vulnerabilities unpatched, sometimes for years. Speaking for himself and not the agency, Brian Snow says that cloud infrastructure can deliver services that customers can access securely, but the shared nature of the cloud leaves doubts about attack channels through other users in the cloud. "You don't know what else is cuddling up next to it," he says. Snow was speaking as a member of the annual cryptographers' panel at RSA Conference. Another panelist said he doesn't trust clouds either, but his reluctance was based upon worry about what NSA might be up to. Adi Shamir, a computer science professor at Israel's Weizmann Institute of Science and also the "S" in the RSA encryption algorithm, warned against trusting cloud computing services for the same reason he suspects the confidentiality of transmissions over telecom networks and the Internet. He says the phone systems are secure, but that major crossroads in their networks are tapped by the NSA. "There's a pipe out of the back of an office at AT&T in San Francisco to NSA," he said.
10 Mar 2010 1:17pm GMT
infosecurity.us: XKCD: Single Ladies
10 Mar 2010 1:10pm GMT
Schneier on Security: The Limits of Identity Cards
Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, "Identity and its Verification," in Computer Law & Security Review, Volume 26, Number 1, Jan 2010.
Those faced with the problem of how to verify a person's identity would be well advised to ask themselves the question, 'Identity with what?' An enquirer equipped with the answer to this question is in a position to tackle, on a rational basis, the task of deciding what evidence will be useful for the purpose. Without the answer to the question, the verification of identity becomes a sadly familiar exercise in blind compliance with arbitrary rules.
10 Mar 2010 1:09pm GMT
SANS Internet Storm Center: What's My Firewall Telling Me? (Part 4), (Wed, Mar 10th)
There's been a lot of discussion about the recent stories on parsing firewall logs: Mark's story at http://isc.sans.org/diary.html?storyid=8293, Daniel's story at http://isc.sans.org/diary.html?storyid=8347, and Kyle's at http://isc.sans.org/diary.html?storyid=8362 have covered a number of methods and tools for plumbing the depths of your firewall logs.
In these stories, it's been stressed that there's gold in them there logs! Reviewing your logs is legally required under several regulatory frameworks, and it just plain makes sense: reviewing inbound and outbound traffic is an excellent way to find stuff being sent or received that shouldn't be happening, to find malware, or to find violations of corporate policies.
But, you say, that's all great, but many firewall logs are over 500MB per day, and if you're not a command line guru with grep, uniq, sort, awk or perl, what do you do? Or what if the firewall log output is just so much scrambled eggs to you? How are you supposed to plow through all that text and data for the few pearls that might indicate a problem? For me, the answer is easy: use tools that summarize Netflow data. Netflow is a facility available on many network devices that examines all the traffic through the device interfaces and summarizes it into flow records keyed by source and destination IP address, protocol, and source and destination port, with a count of how many packets and bytes were sent. It then exports these records to a server application called a Netflow Collector. Netflow is generally associated with Cisco gear; other vendors implement it under their own names (Juniper's jFlow, for example), the vendor-neutral standard that succeeded Netflow v9 is IPFIX (RFC 5101), and sFlow (RFC 3176) provides similar accounting on many other vendors' devices, though it is packet-sampled rather than a full per-flow record.
Continuing on, the Netflow collector then stashes this data into a database and gives you a nice web front-end to it, letting you slice and dice the addresses and associated values in prepackaged reports or ad-hoc queries. So if you want to see why Internet bandwidth was maxed out last Tuesday over lunch, who the culprit was and what they were doing, it's a piece of cake!
It sounds complicated, but in practice it's generally about 4-5 lines of config on the device (router, switch or firewall; check your documentation for specifics), and a GUI setup on the server. There are lots of Netflow Collector apps out there. I won't start the religious war of stating that one is better than another; I use any one of 7 or 8 different ones, depending on which client I'm working with that day.
Let's take a look at a typical "let's review the firewall activity" session that you might have as part of your daily routine. This data is from a client site where I set Netflow up last week. I was going through an orientation session with the client IT team (which is also the Incident Handling team at this organization), as well as using the tool in response to widespread user complaints about Internet performance issues.
Let's start at the TCP applications screen (that is, the data sorted by TCP destination port). In this example we're just looking at the data from the last hour, for the inside interface of the firewall.
On the face of it, all looks well; all the usual suspects are there. But let's dig a bit deeper and take a closer look at SMTP.
The SMTP traffic looks pretty much as we expected: lots and lots of mail being sent from the mail server (10.0.0.73). But hey, what's that station 10.0.0.233? Should there be another SMTP sender? After some digging, it turns out we had a workstation using a personal POP/SMTP email client from work. This was a clear violation of the Acceptable Use Policy at this organization.
Let's go back to the main screen and dig into the TCP_App section, which is the bit bucket that this particular Netflow application puts things into when it doesn't recognize the target TCP port.
Jackpot! What we have here is a number of stations, all running peer-to-peer applications (each line is a different target IP address). This was no surprise two days after the Oscars, but it is another clear violation of this organization's Acceptable Use Policy, and one of the best ways to introduce malware into the organization as well. Not only that, it takes LOTS of bandwidth and LOTS of address translation resources (that is, memory) at the firewall; sessions like this can easily affect Internet performance for the entire corporation. Depending on the country, this might be a great way to get sued for copyright infringement as well!
Now let's look at the data a bit differently: session totals over the last hour by IP address, sorted by volume.
Take a look at that first line: that's a station on the inside, using an anonymizer proxy out on the Internet (tcp/8080). OUCH! That's someone who is not only violating policy, they're knowingly trying to cloak their actions. They're also the heaviest user in the last hour. Again, we're 2 days after the Oscars, so it's no mystery what that 200MB session is all about. But on any other week, there would be a real chance of finding some "call the cops" type illegal activity going on with proxy sessions like this.
Needless to say, after this short exploration, we're working on an egress filter for this firewall. The "we trust our users" position ignores the fact that even if you trust your users, you should not be trusting your users' malware; and, as you can see from this, you can't trust (all of) your users either.
You can see from this that using a good Netflow Collector application will give you a great window into the traffic transiting your firewall or router, pretty much as granular as you want to be. We collected all this data in about 10 minutes, running a tutorial for the IT group at the same time. I still use grep, awk and the rest more than I use Netflow, but a good Netflow app can give you nice management-style reports, historical queries into your router or firewall data and really granular analysis with almost no time investment. If you're not a CLI person, Netflow can go a long way towards getting you really deep into your firewall activity.
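As an added example (not code from this diary or from any Netflow collector product), here is the same "review the firewall activity" walk-through expressed as detection logic over a handful of constructed flow records: it buckets bytes by recognised application the way the TCP applications screen does, flags SMTP from anything other than the known mail server, pulls out hosts in the TCP_App bucket that are talking to many distinct Internet peers, ranks top talkers by volume, and lists inside hosts connecting to external proxy ports. The inside network (10.0.0.0/8), the port-to-application table, the proxy port list and the peer-count threshold are all assumptions; the flow lines are constructed, not real export data.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions for this example: the "inside" network is 10.0.0.0/8, and the
# collector recognises only these (protocol, destination port) pairs; any
# other TCP flow lands in the TCP_App bucket, as in the diary.
INTERNAL = ip_network("10.0.0.0/8")
KNOWN_APPS = {
    ("TCP", 25): "SMTP", ("TCP", 80): "HTTP", ("TCP", 443): "HTTPS",
    ("TCP", 8080): "HTTP-ALT", ("TCP", 53): "DNS", ("UDP", 53): "DNS",
}
PROXY_PORTS = {8080, 3128, 1080}  # common proxy/anonymiser ports (assumption)

# Constructed sample export, one flow per line (not real data):
# start, proto, src_ip, src_port, dst_ip, dst_port, bytes
SAMPLE_FLOWS = """
2010-03-09 12:01:03,TCP,10.0.0.73,49152,203.0.113.25,25,96000
2010-03-09 12:02:10,TCP,10.0.0.73,49153,198.51.100.7,25,64000
2010-03-09 12:03:41,TCP,10.0.0.233,51012,203.0.113.99,25,9000
2010-03-09 12:04:00,TCP,10.0.0.51,50001,203.0.113.10,80,450000
2010-03-09 12:04:05,TCP,10.0.0.51,50002,203.0.113.11,443,310000
2010-03-09 12:05:00,TCP,10.0.0.88,60001,198.51.100.21,6881,1400000
2010-03-09 12:05:01,TCP,10.0.0.88,60002,198.51.100.22,51413,1200000
2010-03-09 12:05:02,TCP,10.0.0.88,60003,198.51.100.23,40111,1100000
2010-03-09 12:05:03,TCP,10.0.0.88,60004,198.51.100.24,27015,900000
2010-03-09 12:06:00,TCP,10.0.0.112,55000,203.0.113.200,8080,210000000
2010-03-09 12:07:00,UDP,10.0.0.51,53001,10.0.0.2,53,600
"""


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    octets: int

    @property
    def app(self) -> str:
        """Application label the way a collector would assign it."""
        return KNOWN_APPS.get((self.proto, self.dport), f"{self.proto}_App")

    @property
    def outbound(self) -> bool:
        """True for inside -> Internet flows; inside-to-inside traffic is ignored."""
        return ip_address(self.src) in INTERNAL and ip_address(self.dst) not in INTERNAL


def parse_flows(text: str) -> list:
    flows = []
    for line in text.strip().splitlines():
        _, proto, src, sport, dst, dport, octets = [f.strip() for f in line.split(",")]
        flows.append(Flow(proto, src, int(sport), dst, int(dport), int(octets)))
    return flows


def bytes_by_app(flows) -> dict:
    """The 'TCP applications' screen: bytes per recognised application."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.app] += f.octets
    return dict(totals)


def unexpected_smtp_senders(flows, allowed_senders) -> set:
    """Inside hosts sending SMTP to the Internet that are not the mail server(s)."""
    return {f.src for f in flows
            if f.app == "SMTP" and f.outbound and f.src not in allowed_senders}


def p2p_suspects(flows, min_peers: int = 3) -> dict:
    """Hosts in the TCP_App bucket talking to many distinct Internet peers."""
    peers, octets = defaultdict(set), defaultdict(int)
    for f in flows:
        if f.app == "TCP_App" and f.outbound:
            peers[f.src].add(f.dst)
            octets[f.src] += f.octets
    return {h: (len(p), octets[h]) for h, p in peers.items() if len(p) >= min_peers}


def top_talkers(flows, n: int = 3) -> list:
    """Session totals by source address, sorted by volume."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.src] += f.octets
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def proxy_users(flows) -> set:
    """Inside hosts connecting to external hosts on common proxy ports."""
    return {f.src for f in flows
            if f.proto == "TCP" and f.outbound and f.dport in PROXY_PORTS}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("bytes by app:", bytes_by_app(flows))
    print("unexpected SMTP senders:", unexpected_smtp_senders(flows, {"10.0.0.73"}))
    print("P2P suspects:", p2p_suspects(flows))
    print("top talkers:", top_talkers(flows))
    print("proxy users:", proxy_users(flows))
```

Against a real collector you would replace the embedded string with the exported records and run the same five queries every morning; the `min_peers` threshold and the proxy port list are the knobs to tune against your own baseline, and the SMTP check is only as good as your list of hosts that are actually allowed to send mail.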
=============== Rob VandenBrink, Metafore ==============
10 Mar 2010 1:08pm GMT
infosecurity.us: Turing Award Winner: Creator of Modern Personal Computer – Charles P. Thacker

In honor and recognition of the phenomenal work of Charles P. Thacker, the Association for Computing Machinery has awarded the Xerox PARC alumnus the 2009 A.M. Turing Award. Thacker created the Alto, the first modern personal computer [also cited was his co-creation of Ethernet networking, in and of itself one of the great inventions of the last century]. After all, the network IS the computer, right? The full announcement appears after the jump. Congratulations Dr. Thacker!
ACM Turing Award Goes to Creator of First Modern Personal Computer
Thacker, Founding Member of Three Major Research Labs, Linked to Tablet PC and Other Major Innovations in Computing
NEW YORK, March 9, 2010 - ACM, the Association for Computing Machinery today named Charles P. Thacker the winner of the 2009 ACM A.M. Turing Award http://awards.acm.org/2010/turing-award.cfm for his pioneering design and realization of the Alto, the first modern personal computer, and the prototype for networked personal computers. Thacker's design, which he built while at Xerox PARC (Palo Alto Research Center), reflected a new vision of a self-sufficient, networked computer on every desk, equipped with innovations that are standard in today's models. Thacker was also cited for his contributions to the Ethernet local area network, which enables multiple computers to communicate and share resources, as well as the first multiprocessor workstation, and the prototype for today's most used tablet PC, with its capabilities for direct user interaction. The Turing Award, widely considered the "Nobel Prize in Computing," is named for the British mathematician Alan M. Turing. The award carries a $250,000 prize, with financial support provided by Intel Corporation and Google Inc.
"Charles Thacker's contributions have earned him a reputation as one of the most distinguished computer systems engineers in the history of the field," said ACM President Professor Dame Wendy Hall. "His enduring achievements, from his initial innovations on the PC to his leadership in hardware development of the multiprocessor workstation to his role in developing the tablet PC, have profoundly affected the course of modern computing."
Andrew Chien, Vice President of Intel Labs and Director of Future Technologies Research at Intel Corporation said, "Charles Thacker's design of the Alto computer embodied the key elements of today's personal computers, and is at the root of one of the world's most innovative industries that empowers individuals around the world. We applaud Chuck's clarity of insight, focus on simplicity, and his incredible track record of designing landmark systems that have accelerated the progress of both research and industry for decades."
"Google is pleased to join in honoring Charles Thacker for his far-reaching role in the birth of one of the most important technologies in the 20th century," said Alfred Spector, Vice President of Research and Special Initiatives at Google Inc. "His contributions made possible the style of computing that we enjoy today, and we are proud to be a sponsor of the ACM Turing Award to encourage continued research in computer science, and the related technologies that depend on its continued advancement."
Influencing the Course of Computer History
Thacker created and collaborated on what would become the fundamental building blocks of the PC business. The Alto computer, developed in 1974, incorporated bitmap (TV-like) displays which enable modern graphical user interfaces (GUIs), including What You See Is What You Get (WYSIWYG) editors. These components have dominated computing during the last two decades. Thacker was the co-inventor of the Ethernet local area network, introduced in 1973, the "interconnection fabric" that allows multiple digital devices such as workstations, printers, scanners, file servers, and modems to communicate with each other. Today's Ethernets, which are thousands of times faster than the original version, have become the dominant local area networking technology.
At Digital Equipment Corporation's System Research Center, Thacker designed the Firefly multiprocessor workstation, an innovation that has new relevance in the current multicore world. These systems are widely used across many domains for their ability to improve productivity and create performance advantages, with applications for embedded architecture, network systems, digital signal processing, graphics, and special effects.
Thacker went on to Microsoft Research in 1997 to help establish its Microsoft Research Cambridge laboratory, where he also oversaw the design of the first prototypes on which most of today's tablet PCs are based. Described as the most significant recent advance in the PC hardware platform, they enable faster, more powerful operations and they offer fundamentally new capabilities for direct interaction with users that are fast becoming part of the mainstream of computing. After joining the Tablet PC team to help shepherd the product to market, he returned to Microsoft Research in 2005, and is currently engaged in computer architecture research at Microsoft's Silicon Valley campus.
Background
Thacker has published extensively and holds 29 patents in computer systems and networking. He is a Distinguished Alumnus of the Computer Science Department of the University of California Berkeley, where he earned a B.S. in physics. He holds an honorary doctorate from the Swiss Federal Institute of Technology (ETH) and is a Fellow of ACM and the Computer History Museum. He is also a member of the American Academy of Arts and Sciences and the U.S. National Academy of Engineering.
For the development of Alto, Thacker (with Butler Lampson and Robert Taylor) received the 1984 ACM Software System Award. In 2004, (with Lampson, Taylor, and Alan Kay) he was awarded the Charles Stark Draper prize for the development of the first networked personal computers. In 2007, he was the recipient of IEEE's John von Neumann medal.
ACM will present the 2009 A.M. Turing Award at its Awards Banquet on June 26, in San Francisco, CA.
About the ACM A.M. Turing Award
The A.M. Turing Award was named for Alan M. Turing, the British mathematician who articulated the mathematical foundation and limits of computing, and who was a key contributor to the Allied cryptanalysis of the German Enigma cipher during World War II. Since its inception in 1966, the Turing Award has honored the computer scientists and engineers who created the systems and underlying theoretical foundations that have propelled the information technology industry. Go to http://awards.acm.org/turing for information.
About ACM
ACM, the Association for Computing Machinery www.acm.org, is the world's largest educational and scientific computing society, uniting computing educators, researchers and professionals to inspire dialogue, share resources and address the field's challenges. ACM strengthens the computing profession's collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.
10 Mar 2010 1:08pm GMT
Heise Security: Attacks on newly discovered vulnerability in IE 6 and 7
Microsoft warns of an unpatched vulnerability in Internet Explorer 6 and 7, which is already being actively exploited in targeted attacks to infect Windows PCs with a Trojan.
10 Mar 2010 12:59pm GMT
Heise Security: Twitter to detect, intercept and prevent bad links
Twitter has announced that it is launching a new service to protect its users against phishing and other attacks by attempting to detect, intercept and prevent "bad links" before a user has a chance to click on them.
10 Mar 2010 12:54pm GMT
The Register - Security: Twitter adds filter to cut phishing lines
Every twt.tl bit helps
Twitter has tightened up security procedures in order to curtail phishing attacks against users of the micro-blogging service, which have become rampant over recent weeks.…
10 Mar 2010 12:46pm GMT